Commit 3f910e42 authored by Zeeshan Ali's avatar Zeeshan Ali

service-client: Disallow app if disabled by config

We were treating both of these as same:

* app explicitly disallowed by configuration
* app not present in configuration

As a result we were asking agent about both and since currently the only
agents we have (demo and gnome-shell) allow all apps, we ended-up allowing
apps that were explicitly disallowed by configuration.
parent 78f43372
......@@ -284,10 +284,10 @@ gclue_config_is_agent_allowed (GClueConfig *config,
return FALSE;
}
gboolean
gclue_config_is_app_allowed (GClueConfig *config,
const char *desktop_id,
GClueClientInfo *app_info)
GClueAppPerm
gclue_config_get_app_perm (GClueConfig *config,
const char *desktop_id,
GClueClientInfo *app_info)
{
GClueConfigPrivate *priv = config->priv;
GList *node;
......@@ -305,23 +305,29 @@ gclue_config_is_app_allowed (GClueConfig *config,
}
}
if (app_config == NULL || !app_config->allowed) {
g_debug ("'%s' not in configuration or not allowed", desktop_id);
if (app_config == NULL) {
g_debug ("'%s' not in configuration", desktop_id);
return GCLUE_APP_PERM_ASK_AGENT;
}
if (!app_config->allowed) {
g_debug ("'%s' disallowed by configuration", desktop_id);
return FALSE;
return GCLUE_APP_PERM_DISALLOWED;
}
if (app_config->num_users == 0)
return TRUE;
return GCLUE_APP_PERM_ALLOWED;
uid = gclue_client_info_get_user_id (app_info);
for (i = 0; i < app_config->num_users; i++) {
if (app_config->users[i] == uid)
return TRUE;
return GCLUE_APP_PERM_ALLOWED;
}
return FALSE;
return GCLUE_APP_PERM_DISALLOWED;
}
gboolean
......
......@@ -38,6 +38,12 @@ G_BEGIN_DECLS
#define GCLUE_IS_CONFIG_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GCLUE_TYPE_CONFIG))
#define GCLUE_CONFIG_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GCLUE_TYPE_CONFIG, GClueConfigClass))
typedef enum {
GCLUE_APP_PERM_ALLOWED,
GCLUE_APP_PERM_DISALLOWED,
GCLUE_APP_PERM_ASK_AGENT
} GClueAppPerm;
typedef struct _GClueConfig GClueConfig;
typedef struct _GClueConfigClass GClueConfigClass;
typedef struct _GClueConfigPrivate GClueConfigPrivate;
......@@ -61,7 +67,7 @@ GClueConfig * gclue_config_get_singleton (void);
gboolean gclue_config_is_agent_allowed (GClueConfig *config,
const char *desktop_id,
GClueClientInfo *agent_info);
gboolean gclue_config_is_app_allowed (GClueConfig *config,
GClueAppPerm gclue_config_get_app_perm (GClueConfig *config,
const char *desktop_id,
GClueClientInfo *app_info);
gboolean gclue_config_is_system_component (GClueConfig *config,
......
......@@ -338,6 +338,8 @@ gclue_service_client_handle_start (GClueClient *client,
StartData *data;
const char *desktop_id;
GClueAccuracyLevel accuracy_level, max_accuracy;
GClueAppPerm app_perm;
guint32 uid;
if (priv->locator != NULL)
/* Already started */
......@@ -352,19 +354,32 @@ gclue_service_client_handle_start (GClueClient *client,
return TRUE;
}
config = gclue_config_get_singleton ();
uid = gclue_client_info_get_user_id (priv->client_info);
app_perm = gclue_config_get_app_perm (config,
desktop_id,
priv->client_info);
if (app_perm == GCLUE_APP_PERM_DISALLOWED) {
g_dbus_method_invocation_return_error (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"'%s' disallowed by "
"configuration for UID %u",
desktop_id,
uid);
return TRUE;
}
data = g_slice_new (StartData);
data->client = g_object_ref (client);
data->invocation = g_object_ref (invocation);
config = gclue_config_get_singleton ();
accuracy_level = gclue_client_get_requested_accuracy_level (client);
/* No agent == No authorization needed */
if (priv->agent_proxy == NULL ||
gclue_config_is_system_component (config, desktop_id) ||
gclue_config_is_app_allowed (config,
desktop_id,
priv->client_info)) {
app_perm == GCLUE_APP_PERM_ALLOWED) {
complete_start (data, accuracy_level);
return TRUE;
......@@ -372,8 +387,6 @@ gclue_service_client_handle_start (GClueClient *client,
max_accuracy = gclue_agent_get_max_accuracy_level (priv->agent_proxy);
if (max_accuracy == 0) {
guint32 uid = gclue_client_info_get_user_id (priv->client_info);
g_dbus_method_invocation_return_error (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment